Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/G0059BjDQoChmH0y-RaQDUODtao.roa
File:                     G0059BjDQoChmH0y-RaQDUODtao.roa (raw, json)
Hash identifier:          eeojMwLb6a6ikvEuebRyTQPBO/bfZT43fBShGzPjcF8=
Subject key identifier:   1B:4D:39:F4:18:C3:42:80:A1:98:7D:32:F9:16:90:0D:43:83:B5:AA
Certificate issuer:       /CN=19ee5f16fc144acb98977449faa0ab77de1bdcc9
Certificate serial:       018CC649E2F30515BE20DAED306CDE83D8ED
Authority key identifier: 19:EE:5F:16:FC:14:4A:CB:98:97:74:49:FA:A0:AB:77:DE:1B:DC:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/G0059BjDQoChmH0y-RaQDUODtao.roa
Signing time:             Mon 01 Jan 2024 18:29:40 +0000
ROA not before:           Mon 01 Jan 2024 18:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201340
IP address blocks:        194.170.8.0/24 maxlen: 24
                          194.170.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:e2:f3:05:15:be:20:da:ed:30:6c:de:83:d8:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19ee5f16fc144acb98977449faa0ab77de1bdcc9
        Validity
            Not Before: Jan  1 18:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b4d39f418c34280a1987d32f916900d4383b5aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:97:01:84:91:92:c7:7c:45:e4:c1:6a:f2:1c:
                    f1:ba:0e:08:61:ff:af:8a:9c:8f:9b:28:ea:b4:e4:
                    06:cb:69:81:be:34:0e:10:40:85:a6:61:be:ff:4e:
                    f3:cd:35:72:48:59:b2:b9:42:cb:25:68:b2:d9:da:
                    20:87:bf:a0:14:dc:c9:a2:b2:f3:22:29:9f:df:2b:
                    4d:90:90:46:a3:67:6c:40:b3:ad:f8:dc:05:b9:90:
                    74:7d:91:fd:ae:a3:75:2f:d4:bb:a1:43:98:31:1f:
                    d6:5d:b1:14:6f:35:7a:c6:55:45:90:ea:05:0c:12:
                    97:76:a0:1e:74:36:4c:dc:a9:27:0d:e4:19:8c:92:
                    ab:37:c7:f3:0c:19:e6:de:f2:08:f0:13:40:b5:8c:
                    bc:b5:8c:33:6a:56:7c:0f:3b:46:0f:78:c8:7a:38:
                    5b:f6:bd:19:31:aa:af:f5:43:a0:9c:23:f1:5d:d5:
                    05:15:93:be:ad:52:29:d9:a8:04:f6:12:ef:68:e3:
                    23:5b:f0:b6:08:2d:67:de:ad:8f:27:b6:38:84:e4:
                    ca:8e:37:d8:72:72:c0:cf:41:7c:d5:a8:db:16:28:
                    a2:e0:52:8a:67:76:f0:a4:b8:80:10:26:ba:72:82:
                    ec:7d:82:bc:33:7d:29:25:54:98:e7:a9:6f:ad:cf:
                    b1:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:4D:39:F4:18:C3:42:80:A1:98:7D:32:F9:16:90:0D:43:83:B5:AA
            X509v3 Authority Key Identifier:
                keyid:19:EE:5F:16:FC:14:4A:CB:98:97:74:49:FA:A0:AB:77:DE:1B:DC:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/G0059BjDQoChmH0y-RaQDUODtao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.170.8.0/24
                  194.170.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:38:9c:f3:94:4a:e7:08:87:72:53:be:c5:ec:a1:91:46:2d:
         50:3c:1e:c3:73:3a:9c:dc:b7:99:ce:d8:b4:4e:25:a1:d6:fb:
         e1:f7:41:40:e7:0c:d6:74:c4:6d:60:ff:7e:7b:ae:2a:93:cb:
         78:1b:66:c6:6a:a7:43:8e:6c:d5:f0:eb:71:98:36:5c:bc:d8:
         f1:6d:5b:a9:16:b3:43:82:4e:43:c7:23:22:0d:c4:92:2b:6e:
         e1:a8:62:cc:6d:16:9e:f7:1a:0a:cc:2d:b9:09:75:01:96:8e:
         ac:1e:17:3f:3c:70:50:51:36:23:3f:f5:a3:f2:7e:dd:0b:13:
         85:b6:28:25:30:b4:db:54:1d:d9:70:79:05:d0:ae:25:6e:86:
         d9:22:f7:87:11:fc:07:ec:91:fc:61:02:ca:b6:53:34:4f:19:
         0d:4a:0a:05:7c:40:2a:08:11:d3:97:10:bb:98:e8:44:33:41:
         6c:f1:35:28:57:49:d9:bf:a0:d2:f1:5d:5c:ba:c7:39:fd:9c:
         ab:65:0e:83:85:54:08:1e:ff:06:ab:b1:85:9e:27:2b:5b:38:
         7d:ec:81:2e:a9:cd:51:82:5e:aa:fe:24:19:b8:88:b4:d0:c6:
         81:04:a5:52:c1:2a:b4:bd:77:29:16:13:72:f5:d2:a3:80:f6:
         70:52:40:2a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSeLzBRW+INrtMGzeg9jtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ZWU1ZjE2ZmMxNDRhY2I5ODk3NzQ0OWZhYTBhYjc3ZGUx
YmRjYzkwHhcNMjQwMTAxMTgyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjRkMzlmNDE4YzM0MjgwYTE5ODdkMzJmOTE2OTAwZDQzODNiNWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJcBhJGSx3xF5MFq8hzxug4IYf+v
ipyPmyjqtOQGy2mBvjQOEECFpmG+/07zzTVySFmyuULLJWiy2dogh7+gFNzJorLz
Iimf3ytNkJBGo2dsQLOt+NwFuZB0fZH9rqN1L9S7oUOYMR/WXbEUbzV6xlVFkOoF
DBKXdqAedDZM3KknDeQZjJKrN8fzDBnm3vII8BNAtYy8tYwzalZ8DztGD3jIejhb
9r0ZMaqv9UOgnCPxXdUFFZO+rVIp2agE9hLvaOMjW/C2CC1n3q2PJ7Y4hOTKjjfY
cnLAz0F81ajbFiii4FKKZ3bwpLiAECa6coLsfYK8M30pJVSY56lvrc+xLwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBtNOfQYw0KAoZh9MvkWkA1Dg7WqMB8GA1UdIwQY
MBaAFBnuXxb8FErLmJd0Sfqgq3feG9zJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2U1ZkZ2d1VTc3VZbDNSSi1xQ3JkOTRiM01rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC83NDIzNzAtZTEwZi00NTQxLWFhNmMt
NjFhZmI2NmQxZThjLzEvRzAwNTlCakRRb0NobUgweS1SYVFEVU9EdGFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC83NDIzNzAtZTEwZi00NTQxLWFhNmMtNjFhZmI2NmQxZThj
LzEvR2U1ZkZ2d1VTc3VZbDNSSi1xQ3JkOTRiM01rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwqoIAwQA
wqr1MA0GCSqGSIb3DQEBCwUAA4IBAQBHOJzzlErnCIdyU77F7KGRRi1QPB7Dczqc
3LeZzti0TiWh1vvh90FA5wzWdMRtYP9+e64qk8t4G2bGaqdDjmzV8OtxmDZcvNjx
bVupFrNDgk5DxyMiDcSSK27hqGLMbRae9xoKzC25CXUBlo6sHhc/PHBQUTYjP/Wj
8n7dCxOFtiglMLTbVB3ZcHkF0K4lbobZIveHEfwH7JH8YQLKtlM0TxkNSgoFfEAq
CBHTlxC7mOhEM0Fs8TUoV0nZv6DS8V1cusc5/ZyrZQ6DhVQIHv8Gq7GFnicrWzh9
7IEuqc1Rgl6q/iQZuIi00MaBBKVSwSq0vXcpFhNy9dKjgPZwUkAq
-----END CERTIFICATE-----